Questions tagged [attacks]

100 questions
2 votes, 4 answers

Server FTP attack from multiple IP addresses spanning 5 countries - how can this be?

I recently had an FTP attack where 3 files were copied into public HTML directory of my domain. (It looks like the FTP password was compromised, but I'm still investigating this.) The strange thing is that the FTP log documented 5 separate IP…
Owen
2 votes, 4 answers

Website attacked with a hidden iframe (q5x.ru)

A website of mine has recently been infected with some sort of attack that involved injecting a hidden iframe, and its source was from a site q5x.ru (do not link). A Google search didn't help me in figuring out how this attack may have taken place,…
Andreas Grech
2 votes, 1 answer

How HTTP POSTing to a CSS resource could be useful to an http attacker?

After a surge in network activity, checking the logs of Apache that's serving a casual minimal WordPress site, through a Cloudflare proxy, I see the following entry repeated hundreds of times: 172.71.98.180 - - [22/Aug/2022:01:59:06 +0000] "POST…
Sam Sirry
2 votes, 0 answers

Apache PHP REST API handle/block web attack attempts

We're currently running a PHP API (all URLs get rewritten to index.php for route-handling) on an Apache Debian server. Edit: (I think I might have landed on the wrong StackExchange for this question, so my apologies for that, came here from…
Bert Maurau
1 vote, 2 answers

AWS EC2 instance crashes when scanned by bots

I've created a simple micro EC2 instance based on Amazon Linux AMI for testing an app while I develop it, but it happens that every day it stops answering, giving me error 503. It has its own domain set with CloudFront. On AWS the instance appears…
1 vote, 1 answer

Mitigating 404 bomb with Nginx

I am hit with 404 queries and this is bringing down my machine. Close to all of my pages are HTTP cached and I have some basic DoS protection with limit_conn_zone $http_x_forwarded_for zone=addr:10m; limit_conn addr 8; limit_req_zone…
Quintin Par
1 vote, 2 answers

Typo3 - server attack, too many php requests ends in error 500 and 503

I have an older Typo3 (v4.5.x) site and for a while now my server has been under attack by a script kiddie. He sends quite a few PHP requests for URLs which do not exist on my server. I got so many PHP 500 errors back and after a while the number of parallel…
megloff
1 vote, 1 answer

Apache 404 errors with "hello" as URL

My web server emails me if a 404 error occurs (to help me with missing links). I only had the usual 404s like http://www.example.com/administrator and so on. But lately I keep getting a request for http://www.example.com/hello. I seem to get them…
G Trawo
1 vote, 1 answer

Server attack but on Upload not Download

I am currently being attacked on one of my servers, but I am struggling to find out what could be causing it. I have had a few DDoS attacks before but this particular attack, which I'm not sure what it is, seems to be affecting the outgoing data…
Mr. Hedgehog
1 vote, 0 answers

How to block hping3 SYN ACK efficiently with iptables?

I'm trying to execute a TCP SYN flood on my Debian web server with nginx. Executing tcpdump "tcp[tcpflags] & (tcp-syn) != 0" while flooding, I see all packets coming. iptables seem to work well with SYN packets generated from raw socket, but not…
Franzz
1 vote, 3 answers

Email server attack from telnet

My mail server is having a problem blocking an attacker who is trying to telnet to our mail server, but I'm not able to block it; the IP keeps changing even when we block by IP. It seems like he is trying to telnet instead of normal from SMTP…
Min Hong Tan
1 vote, 2 answers

Can't block spammy IP

I'm being attacked by 37.59.4.76. It's sending me a great amount of data, which is destroying my data plan. I've added the iptables Chain num pkts bytes target prot opt in out source destination DENYIN …
Hedam
1 vote, 1 answer

How to set permissions for www/dir and make sure no security threats arise

I have a peculiar situation. I have a VPS that I use for my own projects. A friend of mine asked me to host his WordPress blog. Now I've set up my VPS very straightforwardly: all projects are under /www and Apache has write access to these folders…
1 vote, 1 answer

How to read sFlow?

We currently have a very large outbound DDoS attack coming from one of our machines which is on a Brocade switch and monitored by PRTG. I am looking at the sFlow v5 8 sensor and see Top Talkers and Top Connections, but cannot make heads or tails of…
Aidan Knight
1 vote, 1 answer

How To Protect Tomcat 7 Against Slowloris Attack

I'm using Apache Tomcat 7 to run my webapp on Linux. I scanned it with Acunetix and it's telling me that my webapp is vulnerable to "Slow HTTP Denial of Service Attack". How can I protect it? Acunetix is referring me to here, but it's about securing…
Amin Sh